An ``RSA operation,'' whether for encrypting or decrypting, signing or
verifying, is essentially a modular exponentiation, which can be
performed by a series of modular multiplications.

In practical applications, it is common to choose a small public
exponent for the public key; in fact, entire groups of users can use
the same public exponent. This makes encryption faster than decryption
and verification faster than signing. Algorithmically, public-key
operations take O(k2) steps, private key operations take O(k3) steps,
and key generation takes O(k4) steps, where k is the number of bits in
the modulus; O-notation refers to the an upper bound on the asymptotic
running time of an algorithm.

There are many commercially available hardware implementations of RSA,
and there are frequent announcements of newer and faster chips. The
fastest current RSA chip has a throughput greater than 600 Kbits per
second with a 512-bit modulus, implying that it performs over 1000 RSA
private-key operations per second. It is expected that RSA speeds will
reach 1 Mbit/second within a year or so.

By comparison, DES is much faster than RSA. In software, DES is
generally at least 100 times as fast as RSA. In hardware, DES is
between 1,000 and 10,000 times as fast, depending on the
implementations. RSA will probably narrow the gap a bit in coming
years, as it finds growing commercial markets, but will never match the
performance of DES.